authentication (azure) - ruby #421
Comments
baywet
added
the
help wanted
baywet
added
the
blocked
baywet
removed
the
blocked
|
As a recap here: azure/MIP don't have any plans to release MSAL/azure identity anytime soon. |
|
OAuth2 According to ruby.libhunt.com, the codebase is stable (and from their GitHub it looks like they're trying to push out another release). This project received L5 code quality rank (highest level) from Lumnify (the only info I found about Lumnify was here, so I don't know how reputable it is). OAuth2 seems relatively popular, and actively maintained (last commit was six days ago). OpenID connect is possible with this gem, per this post. The source code for OAuth2 is here. According to OAuth2's github, there are 20 open issues (because the team maintaining the big code base is quite small). The most concerning open issue is here and it's about MS OpenID Connect responses not containing an access token, and OAuth2 incorrectly throwing errors as a result. While this bug (specifically about MS Chart) is labeled open... it looks like people made a work around/fix/PR here (if you scroll to the bottom). In summary, that means the MS Chart/MS Open ID Connect thing may not be an issue anymore, and the open bugs list might just be outdated. I will add some more libraries in this thread |
|
Devise According to ruby.libhunt.com, the codebase is stable. This project received L5 code quality rank (highest level) from Lumnify (the only info I found about Lumnify was here, so I don't know how reputable it is). Devise is really popular (it’s the authentication library most Ruby-ers know or are familiar with) and actively maintained (last commit was nine days ago). OpenID connect is complicated with this gem, from what I could tell most people just used OAuth2. The most concerning thing about Devise is that it is primarily for Rails applications. Not everyone that wants to use a Ruby SDK will be creating a Rails application, making the SDK a lot denser than it has to be for certain users. This is an issue because one of the selling points of Kiota is that we generate lightweight, customizable SDKs. Similar gems (Doorkeeper (Rails), Clearance (Rails), etc) [Less popular versions] |
|
JWT JWT is a Ruby gem (library) that is “a pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard.” JWT makes secure API authentication easy. It is under an MIT license. According to ruby.libhunt.com, the codebase is stable. This project received L5 code quality rank (highest level) from Lumnify (the only info I found about Lumnify was here, so I don't know how reputable it is). JWT is relatively popular, and it’s increasing in popularity. It is also actively maintained (last commit was three days ago). OpenID connect is possible with this gem (see post for OAuth2 for link), from what I could tell most people just used it in conjunction with OAuth2 (which makes sense because the purpose of JWT is security). The source code for JWT is here. According to JWT’s github, there are 29 open issues, and about 4 of them are labeled as possible bugs; none of them look too concerning. It looks like JWT is a necessary add on to our chosen gem because security is important. |
|
Thanks for sharing all that additional information! One aspect I forgot to share in our initial connect is we can't make choices that'd force people to use rails because not everybody is. Yes rails is very popular in the Ruby community but as far as I understand it's a rather radical impact on the code base (web app vs any kind of app). |
|
To capture what was said on our call for other people watching:
|
ghost
added
Kiota currently doesn't provide an authentication library for Ruby.
This is a prerequisite for any client. currently blocked as there's no azure identity library for Ruby.
The text was updated successfully, but these errors were encountered: